granicus.if.org Git - curl/log
curl
7 years ago configure: check for C++ compiler after C, to make it non-fatal
Daniel Stenberg [Thu, 7 Sep 2017 14:25:38 +0000 (16:25 +0200)]
configure: check for C++ compiler after C, to make it non-fatal

The tests for object file/executable file extensions are presumably only
done for the first of these macros in the configure file.

Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
Reported-by: Marcel Raad
Closes #1873

7 years ago form API: add new test 650.
Patrick Monnerat [Thu, 7 Sep 2017 18:11:02 +0000 (19:11 +0100)]
form API: add new test 650.

Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features are left untested. Test 650 attempts to check all these
features not tested elsewhere.

7 years ago configure: fix curl_off_t check's include order
Jay Satiro [Wed, 6 Sep 2017 22:04:16 +0000 (18:04 -0400)]
configure: fix curl_off_t check's include order

- Prepend srcdir include path instead of append.

Prior to this change it was possible that during the check for the size
of curl_off_t the include path of a user's already installed curl could
come before the include path of the to-be-built curl, resulting in the
system.h of the former being incorrectly included for that check.

Closes https://github.com/curl/curl/pull/1870

7 years ago KNOWN_BUGS: Remove CMake symbol hiding issue
Jakub Zakrzewski [Sat, 26 Aug 2017 15:34:07 +0000 (17:34 +0200)]
KNOWN_BUGS: Remove CMake symbol hiding issue

It has already been fixed in 6140dfc

7 years ago http-proxy: when not doing CONNECT, that phase is done immediately
Daniel Stenberg [Mon, 4 Sep 2017 21:43:05 +0000 (23:43 +0200)]
http-proxy: when not doing CONNECT, that phase is done immediately

`conn->connect_state` is NULL when doing a regular non-CONNECT request
over the proxy and should therefore be considered complete at once.

Fixes #1853
Closes #1862
Reported-by: Lawrence Wagerfield
7 years ago OpenSSL: fix yet another mistake while encapsulating SSL backend data
Johannes Schindelin [Wed, 6 Sep 2017 22:55:38 +0000 (00:55 +0200)]
OpenSSL: fix yet another mistake while encapsulating SSL backend data

Another mistake in my manual fixups of the largely mechanical
search-and-replace ("connssl->" -> "BACKEND->"), just like the previous
commit concerning HTTPS proxies (and hence not caught during my
earlier testing).

Fixes #1855
Closes #1871

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago OpenSSL: fix erroneous SSL backend encapsulation
Johannes Schindelin [Wed, 6 Sep 2017 22:04:06 +0000 (00:04 +0200)]
OpenSSL: fix erroneous SSL backend encapsulation

In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
data, 2017-06-21), this developer prepared for a separation of the
private data of the SSL backends from the general connection data.

This conversion was partially automated (search-and-replace) and
partially manual (e.g. proxy_ssl's backend data).

Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.

Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: fix memory corruption
Jay Satiro [Wed, 6 Sep 2017 21:39:21 +0000 (23:39 +0200)]
vtls: fix memory corruption

Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
2017-07-28), the code handling HTTPS proxies was broken because the
pointer to the SSL backend data was not swapped between
conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
instead set to NULL (causing segmentation faults).

[jes: provided the commit message, tested and verified the patch]

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
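
The failure described in the commit message above, reduced to a stand-alone model (an added example, not code from the commit or from libcurl). The struct layouts and the `handoff_broken`, `handoff_fixed` and `run_handoff` helpers are simplified assumptions; only the names `ssl`, `proxy_ssl`, `backend` and `allocate_conn` follow the log.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for libcurl's structs, kept to the minimum needed. */
struct ssl_backend_data { int handle; };      /* backend-private TLS state */

struct ssl_connect_data {
  int use;                                    /* generic per-socket state */
  struct ssl_backend_data *backend;           /* points into the conn block */
};

struct connectdata {
  struct ssl_connect_data ssl[2];
  struct ssl_connect_data proxy_ssl[2];
};

/* One allocation: connectdata followed by four private backend structs. */
static struct connectdata *allocate_conn(void)
{
  struct connectdata *conn =
    calloc(1, sizeof(*conn) + 4 * sizeof(struct ssl_backend_data));
  struct ssl_backend_data *priv;
  int i;
  if(!conn)
    return NULL;
  priv = (struct ssl_backend_data *)(conn + 1);
  for(i = 0; i < 2; i++) {
    conn->ssl[i].backend = &priv[i];
    conn->proxy_ssl[i].backend = &priv[2 + i];
  }
  return conn;
}

/* Broken hand-off: the struct copy moves the backend pointer to proxy_ssl,
 * then the memset wipes ssl[i] including its backend pointer (now NULL). */
static void handoff_broken(struct connectdata *conn, int i)
{
  conn->proxy_ssl[i] = conn->ssl[i];
  memset(&conn->ssl[i], 0, sizeof(conn->ssl[i]));
}

/* Fixed hand-off: swap the backend pointers so both slots stay backed. */
static void handoff_fixed(struct connectdata *conn, int i)
{
  struct ssl_backend_data *pbdata = conn->proxy_ssl[i].backend;
  conn->proxy_ssl[i] = conn->ssl[i];
  memset(&conn->ssl[i], 0, sizeof(conn->ssl[i]));
  memset(pbdata, 0, sizeof(*pbdata));         /* fresh state for next TLS */
  conn->ssl[i].backend = pbdata;
}

/* Returns 1 when, after the hand-off, proxy_ssl[0] owns the proxy session
 * and ssl[0] has distinct, zeroed backend storage; 0 otherwise. */
static int run_handoff(int fixed)
{
  struct connectdata *conn = allocate_conn();
  int ok;
  if(!conn)
    return -1;
  conn->ssl[0].use = 1;
  conn->ssl[0].backend->handle = 42;          /* TLS session to the proxy */
  if(fixed)
    handoff_fixed(conn, 0);
  else
    handoff_broken(conn, 0);
  ok = conn->proxy_ssl[0].backend &&
       conn->proxy_ssl[0].backend->handle == 42 &&
       conn->ssl[0].backend &&
       conn->ssl[0].backend != conn->proxy_ssl[0].backend &&
       conn->ssl[0].backend->handle == 0 &&
       !conn->ssl[0].use;
  free(conn);
  return ok;
}

int main(void)
{
  printf("broken hand-off leaves ssl[0] usable: %d\n", run_handoff(0));
  printf("fixed hand-off leaves ssl[0] usable:  %d\n", run_handoff(1));
  return 0;
}
```

In the broken variant any later dereference of `ssl[0].backend` is a NULL dereference, which matches the segmentation faults the message reports for HTTPS proxies.
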
7 years ago vtls: switch to CURL_SHA256_DIGEST_LENGTH define
Daniel Stenberg [Wed, 6 Sep 2017 07:32:02 +0000 (09:32 +0200)]
vtls: switch to CURL_SHA256_DIGEST_LENGTH define

... instead of the prefix-less version since WolfSSL 3.12 now uses an
enum with that name that causes build failures for us.

Fixes #1865
Closes #1867
Reported-by: Gisle Vanem
7 years ago travis: add c-ares enabled builds linux + osx
Daniel Stenberg [Wed, 6 Sep 2017 08:05:05 +0000 (10:05 +0200)]
travis: add c-ares enabled builds linux + osx

Closes #1868

7 years ago HISTORY: added some recent items
Daniel Stenberg [Thu, 7 Sep 2017 07:51:25 +0000 (09:51 +0200)]
HISTORY: added some recent items

7 years ago SSL: fix unused parameter warnings
Jay Satiro [Wed, 6 Sep 2017 19:11:55 +0000 (15:11 -0400)]
SSL: fix unused parameter warnings

7 years ago mime: drop internal FILE * support.
Patrick Monnerat [Wed, 6 Sep 2017 12:42:03 +0000 (13:42 +0100)]
mime: drop internal FILE * support.

- The part kind MIMEKIND_FILE and associated code are suppressed.
- Seek data origin offset not used anymore: suppressed.
- MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions
  renamed accordingly.
- Curl_getformdata() processes stdin via a callback.

7 years ago configure: remove --enable-soname-bump and SONAME_BUMP
Daniel Stenberg [Mon, 4 Sep 2017 10:24:41 +0000 (12:24 +0200)]
configure: remove --enable-soname-bump and SONAME_BUMP

Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we
determine the native type for `curl_off_t`. To really make sure we
didn't break ABI without bumping SONAME, we introduced logic that
attempted to detect that it would use a different size and thus not be
compatible. We also provided a manual switch that allowed users to tell
configure to bump SONAME by force.

Today, we know of no one who ever got a SONAME bump auto-detected and we
don't know of anyone who's using the manual bump feature. The auto-
detection is also no longer working since we introduced defining
curl_off_t in system.h (7.55.0).

Finally, this bumping logic is not present in the cmake build.

Closes #1861

7 years ago vtls: select ssl backend case-insensitive (follow-up)
Gisle Vanem [Wed, 6 Sep 2017 06:22:49 +0000 (02:22 -0400)]
vtls: select ssl backend case-insensitive (follow-up)

- Do a case-insensitive comparison of CURL_SSL_BACKEND env as well.

- Change Curl_strcasecompare calls to strcasecompare
  (maps to the former but shorter).

Follow-up to c290b8f.

Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313

Co-authored-by: Jay Satiro
7 years ago openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation
Jay Satiro [Tue, 5 Sep 2017 19:27:22 +0000 (15:27 -0400)]
openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation

This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations.

The first one, written for old OpenSSL versions:
https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c

The second one, written for BoringSSL and new OpenSSL versions:
https://github.com/curl/curl/pull/1346

Note the first one is GPL licensed but the author gave permission to
waive that license for libcurl.

As of right now this feature is disabled by default, and does not have
a configure option to enable it. To enable this feature define
ENABLE_SSLKEYLOGFILE when building libcurl and set environment
variable SSLKEYLOGFILE to a pathname that will receive the keys.

And in Wireshark change your preferences to point to that key file:
Edit > Preferences > Protocols > SSL > Master-Secret

Co-authored-by: Peter Wu
Ref: https://github.com/curl/curl/pull/1030
Ref: https://github.com/curl/curl/pull/1346

Closes https://github.com/curl/curl/pull/1866

7 years ago mime: fix a trivial warning.
Patrick Monnerat [Tue, 5 Sep 2017 17:38:31 +0000 (18:38 +0100)]
mime: fix a trivial warning.

7 years ago mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code.
Patrick Monnerat [Tue, 5 Sep 2017 17:20:06 +0000 (18:20 +0100)]
mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code.

mime_state is now a typedef.

7 years ago mime: implement encoders.
Patrick Monnerat [Tue, 5 Sep 2017 16:11:59 +0000 (17:11 +0100)]
mime: implement encoders.

curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.

7 years ago runtests.pl: support attribute "nonewline" in part verify/upload.
Patrick Monnerat [Tue, 5 Sep 2017 16:10:05 +0000 (17:10 +0100)]
runtests.pl: support attribute "nonewline" in part verify/upload.

7 years ago fixup data/test1135
Daniel Stenberg [Tue, 5 Sep 2017 12:47:59 +0000 (14:47 +0200)]
fixup data/test1135

7 years ago mime: unified to use the typedef'd mime structs everywhere
Daniel Stenberg [Tue, 5 Sep 2017 09:45:21 +0000 (11:45 +0200)]
mime: unified to use the typedef'd mime structs everywhere

... and slightly edited to follow our code style better.

7 years ago curl.h: use lower case curl_mime* as for all public symbols
Daniel Stenberg [Tue, 5 Sep 2017 09:44:28 +0000 (11:44 +0200)]
curl.h: use lower case curl_mime* as for all public symbols

7 years ago docs/curl_mime_*.3: use correct variable types in examples
Daniel Stenberg [Tue, 5 Sep 2017 09:41:03 +0000 (11:41 +0200)]
docs/curl_mime_*.3: use correct variable types in examples

7 years ago openssl: use OpenSSL's default ciphers by default
Kamil Dudka [Wed, 30 Aug 2017 12:12:10 +0000 (14:12 +0200)]
openssl: use OpenSSL's default ciphers by default

Up2date versions of OpenSSL maintain the default reasonably secure
without breaking compatibility, so it is better not to override the
default by curl.  Suggested at https://bugzilla.redhat.com/1483972

Closes #1846

7 years ago examples/mime: minor example code fixes
Viktor Szakats [Tue, 5 Sep 2017 10:05:27 +0000 (10:05 +0000)]
examples/mime: minor example code fixes

7 years ago docs/curl_mime_*.3: added examples
Daniel Stenberg [Tue, 5 Sep 2017 09:14:42 +0000 (11:14 +0200)]
docs/curl_mime_*.3: added examples

7 years ago configure: add MultiSSL to FEATURES when enabled
Daniel Stenberg [Tue, 5 Sep 2017 08:45:09 +0000 (10:45 +0200)]
configure: add MultiSSL to FEATURES when enabled

...for curl-config and its corresponding test 1014

7 years ago http-proxy: treat all 2xx as CONNECT success
Daniel Stenberg [Mon, 4 Sep 2017 08:45:02 +0000 (10:45 +0200)]
http-proxy: treat all 2xx as CONNECT success

Added test 1904 to verify.

Reported-by: Lawrence Wagerfield
Fixes #1859
Closes #1860

7 years ago MAIL-ETIQUETTE: added "1.9 Your emails are public"
Daniel Stenberg [Tue, 5 Sep 2017 07:29:11 +0000 (09:29 +0200)]
MAIL-ETIQUETTE: added "1.9 Your emails are public"

7 years ago curl.h: fix "unused checksrc ignore", remove dangling reference
Daniel Stenberg [Mon, 4 Sep 2017 17:59:11 +0000 (19:59 +0200)]
curl.h: fix "unused checksrc ignore", remove dangling reference

... to a README file that doesn't exist anymore

7 years ago docs: Update to secure URL versions
Viktor Szakats [Mon, 4 Sep 2017 14:08:54 +0000 (14:08 +0000)]
docs: Update to secure URL versions

7 years ago mime: use CURL_ZERO_TERMINATED in examples
Viktor Szakats [Mon, 4 Sep 2017 13:58:10 +0000 (13:58 +0000)]
mime: use CURL_ZERO_TERMINATED in examples

and some minor whitespace fixes

7 years ago schannel: return CURLE_SSL_CACERT on failed verification
Daniel Stenberg [Sun, 3 Sep 2017 22:02:29 +0000 (00:02 +0200)]
schannel: return CURLE_SSL_CACERT on failed verification

... not *CACERT_BADFILE as it isn't really because of a bad file.

Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
Closes #1858

7 years ago test1135: fixed after bd8070085f9
Daniel Stenberg [Mon, 4 Sep 2017 09:44:42 +0000 (11:44 +0200)]
test1135: fixed after bd8070085f9

7 years ago examples/post-callback: stop returning one byte at a time
Daniel Stenberg [Mon, 4 Sep 2017 09:39:59 +0000 (11:39 +0200)]
examples/post-callback: stop returning one byte at a time

... since people copy and paste code from this example and thus they get
an inefficient POST operation without a good reason and sometimes
without understanding why.

Instead this now returns as much data as possible.

7 years ago RELEASE-NOTES: fixed the function counter script
Daniel Stenberg [Mon, 4 Sep 2017 07:40:04 +0000 (09:40 +0200)]
RELEASE-NOTES: fixed the function counter script

7 years ago curl.h: make the curl_strequal() protos use the same style
Daniel Stenberg [Mon, 4 Sep 2017 07:38:19 +0000 (09:38 +0200)]
curl.h: make the curl_strequal() protos use the same style

... as the other functions. Makes it easier to machine-parse!

7 years ago docs: curl_mime_*.3 man page formatting edits
Daniel Stenberg [Mon, 4 Sep 2017 07:20:24 +0000 (09:20 +0200)]
docs: curl_mime_*.3 man page formatting edits

7 years ago RELEASE-NOTES: synced with 1ab9e9b50
Daniel Stenberg [Mon, 4 Sep 2017 06:34:53 +0000 (08:34 +0200)]
RELEASE-NOTES: synced with 1ab9e9b50

7 years ago lib: bump version info (soname). Adapt and reenable test 1135.
Patrick Monnerat [Sun, 3 Sep 2017 23:35:53 +0000 (00:35 +0100)]
lib: bump version info (soname). Adapt and reenable test 1135.

7 years ago headers: move the global_sslset() proto from multi.h to curl.h
Daniel Stenberg [Sun, 3 Sep 2017 21:51:42 +0000 (23:51 +0200)]
headers: move the global_sslset() proto from multi.h to curl.h

As it was added to multi.h simply to not break test 1135, which now has
been disabled due to the mime API addition anyway and so we can now move
the sslset stuff to where the other curl_global_* prototypes are.

7 years ago mime: fix signed/unsigned conversions.
Patrick Monnerat [Sun, 3 Sep 2017 16:48:15 +0000 (17:48 +0100)]
mime: fix signed/unsigned conversions.

Use and generate CURL_ZERO_TERMINATED in curl tool and tests.

7 years ago tool_formparse: fix some trivial warnings
Jay Satiro [Sun, 3 Sep 2017 16:13:44 +0000 (12:13 -0400)]
tool_formparse: fix some trivial warnings

7 years ago mime: use size_t instead of ssize_t in public API interface.
Patrick Monnerat [Sun, 3 Sep 2017 15:10:55 +0000 (16:10 +0100)]
mime: use size_t instead of ssize_t in public API interface.

To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED
has been introduced.

Documentation updated accordingly.

symbols in versions updated. Added form API symbols deprecation info.

7 years ago mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
Patrick Monnerat [Sun, 3 Sep 2017 13:45:43 +0000 (14:45 +0100)]
mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().

This feature is badly supported in Windows: as a replacement, a caller has
to use curl_mime_data_cb() with fread, fseek and possibly fclose
callbacks to process opened files.

The cli tool and documentation are updated accordingly.

The feature is however kept internally for form API compatibility, with
the known caveats it always had.

As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.

7 years ago mime: fix some implicit curl_off_t --> size_t conversion warnings.
Patrick Monnerat [Sun, 3 Sep 2017 09:18:58 +0000 (10:18 +0100)]
mime: fix some implicit curl_off_t --> size_t conversion warnings.

7 years ago mime: tests and examples.
Patrick Monnerat [Sat, 2 Sep 2017 18:08:45 +0000 (19:08 +0100)]
mime: tests and examples.

Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.

7 years ago mime: use in curl cli tool instead of form API.
Patrick Monnerat [Sat, 2 Sep 2017 17:17:33 +0000 (18:17 +0100)]
mime: use in curl cli tool instead of form API.

Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentation upgraded.

7 years ago mime: new MIME API.
Patrick Monnerat [Sat, 2 Sep 2017 16:47:10 +0000 (17:47 +0100)]
mime: new MIME API.

Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.

7 years ago test564: Add a warning comment about shell profile output.
Patrick Monnerat [Sat, 2 Sep 2017 12:01:15 +0000 (13:01 +0100)]
test564: Add a warning comment about shell profile output.

Shell profile output makes the SSH server fail, and the reason for this
problem is not easy to find when no hint is given.

7 years ago checksrc: disable SPACEBEFOREPAREN for case statement.
Patrick Monnerat [Sat, 2 Sep 2017 11:58:55 +0000 (12:58 +0100)]
checksrc: disable SPACEBEFOREPAREN for case statement.

The case keyword may be followed by a constant expression and thus should
allow it to start with an open parenthesis.

7 years ago runtests.pl: allow <file[1-4]> tags in client section.
Patrick Monnerat [Sat, 2 Sep 2017 11:57:13 +0000 (12:57 +0100)]
runtests.pl: allow <file[1-4]> tags in client section.

This enables tests to create more than one file on the client side.

7 years ago runtests.pl: Apply strippart to upload too.
Patrick Monnerat [Sat, 2 Sep 2017 11:55:28 +0000 (12:55 +0100)]
runtests.pl: Apply strippart to upload too.

This will allow substitution of boundaries in mail messages.

7 years ago Curl_base64_encode: always call with a real data handle.
Patrick Monnerat [Sat, 2 Sep 2017 11:49:59 +0000 (12:49 +0100)]
Curl_base64_encode: always call with a real data handle.

Some calls in different modules were setting the data handle to NULL, causing
segmentation faults when using builds that enable character code conversions.

7 years ago non-ascii: allow conversion functions to be called with a NULL data handle.
Patrick Monnerat [Sat, 2 Sep 2017 11:45:21 +0000 (12:45 +0100)]
non-ascii: allow conversion functions to be called with a NULL data handle.

7 years ago http: fix a memory leakage in checkrtspprefix().
Patrick Monnerat [Sat, 2 Sep 2017 11:40:19 +0000 (12:40 +0100)]
http: fix a memory leakage in checkrtspprefix().

7 years ago ossfuzz: Move to C++ for curl_fuzzer.
Max Dymond [Fri, 1 Sep 2017 20:48:41 +0000 (21:48 +0100)]
ossfuzz: Move to C++ for curl_fuzzer.

Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.

7 years ago curl_global_sslset: select backend by name case insensitively
Daniel Stenberg [Thu, 31 Aug 2017 09:54:51 +0000 (11:54 +0200)]
curl_global_sslset: select backend by name case insensitively

Closes #1849

7 years ago ossfuzz: additional seed corpora
Max Dymond [Tue, 29 Aug 2017 22:03:50 +0000 (23:03 +0100)]
ossfuzz: additional seed corpora

Create simple seed corpora for:
- FTP
- telnet
- dict
- tftp
- imap
- pop3

based off the tests of the same number.

Closes #1842

7 years ago ossfuzz: moving towards the ideal integration
Max Dymond [Sun, 27 Aug 2017 14:57:05 +0000 (15:57 +0100)]
ossfuzz: moving towards the ideal integration

- Start with the basic code from the ossfuzz project.
- Rewrite fuzz corpora to be binary files full of Type-Length-Value
  data, and write a glue layer in the fuzzing function to convert
  corpora into CURL options.
- Have supporting functions to generate corpora from existing tests
- Integrate with Makefile.am

7 years ago strcase: corrected comment header for Curl_strcasecompare()
Daniel Stenberg [Thu, 31 Aug 2017 09:37:36 +0000 (11:37 +0200)]
strcase: corrected comment header for Curl_strcasecompare()

7 years ago unit1301: fix error message on first test
Daniel Stenberg [Thu, 31 Aug 2017 09:37:13 +0000 (11:37 +0200)]
unit1301: fix error message on first test

7 years ago curl_global_sslset.3: show the struct and enum too
Daniel Stenberg [Thu, 31 Aug 2017 08:12:50 +0000 (10:12 +0200)]
curl_global_sslset.3: show the struct and enum too

... so that users can actually write code based on the man page alone,
not having to read the header file.

7 years ago darwinssl: handle long strings in TLS certs (follow-up)
Jay Satiro [Mon, 28 Aug 2017 03:37:02 +0000 (23:37 -0400)]
darwinssl: handle long strings in TLS certs (follow-up)

- Fix handling certificate subjects that are already UTF-8 encoded.

Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.

Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831

Closes https://github.com/curl/curl/pull/1836

7 years ago cyassl: call it the "WolfSSL" backend
Daniel Stenberg [Wed, 30 Aug 2017 10:48:53 +0000 (12:48 +0200)]
cyassl: call it the "WolfSSL" backend

... instead of cyassl, as this is the current name for it.

Closes #1844

7 years ago polarssl: fix multissl breakage
Daniel Stenberg [Wed, 30 Aug 2017 08:26:37 +0000 (10:26 +0200)]
polarssl: fix multissl breakage

Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html
Closes #1843

7 years ago configure: remove the leading comma from the backends list
Daniel Stenberg [Wed, 30 Aug 2017 10:58:37 +0000 (12:58 +0200)]
configure: remove the leading comma from the backends list

... when darwinssl is used.

Reported-by: Viktor Szakats
Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493

Closes #1845

7 years ago examples/sslbackend.c: fix failure of 'make checksrc'
Kamil Dudka [Wed, 30 Aug 2017 12:16:35 +0000 (14:16 +0200)]
examples/sslbackend.c: fix failure of 'make checksrc'

./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE)
   } else if(isdigit(*name)) {
   ^
./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE)
   } else
   ^

7 years ago makefile.m32: add multissl support
Viktor Szakats [Wed, 30 Aug 2017 10:44:50 +0000 (10:44 +0000)]
makefile.m32: add multissl support

Closes https://github.com/curl/curl/pull/1840

7 years ago curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
Daniel Stenberg [Wed, 30 Aug 2017 08:04:00 +0000 (10:04 +0200)]
curl.h: CURLSSLBACKEND_WOLFSSL used wrong value

The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for
CURLSSLBACKEND_CYASSL, but used an erroneous value. To reduce the risk
for a similar mistake, define the backend aliases to use the enum values
instead.

Reported-by: Gisle Vanem
Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html

7 years ago curl_global_sslset.3: clarify
Daniel Stenberg [Wed, 30 Aug 2017 07:48:14 +0000 (09:48 +0200)]
curl_global_sslset.3: clarify

it is a one time *set*, not necessarily a one time use... it can be
called again if the first call failed or just listed the alternatives.

clarify that the available backends are the ones this build supports

plus add some formatting

Reported-by: Rich Gray
Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html

7 years ago curl/multi.h: remove duplicated closing c++ brace
Daniel Stenberg [Tue, 29 Aug 2017 15:14:36 +0000 (17:14 +0200)]
curl/multi.h: remove duplicated closing c++ brace

Regression since 1328f69d53f2f2e93

Fixes #1841
Reported-by: Andrei Karas
7 years ago RELEASE-NOTES: synced with 8c33c963a
Daniel Stenberg [Tue, 29 Aug 2017 08:51:01 +0000 (10:51 +0200)]
RELEASE-NOTES: synced with 8c33c963a

7 years ago HELP-US.md: spelling
Daniel Stenberg [Tue, 29 Aug 2017 06:31:59 +0000 (08:31 +0200)]
HELP-US.md: spelling

7 years ago HELP-US.md: "How to get started helping out in the curl project"
Daniel Stenberg [Mon, 28 Aug 2017 09:29:39 +0000 (11:29 +0200)]
HELP-US.md: "How to get started helping out in the curl project"

Closes #1837

7 years ago asyn-thread: Fixed cleanup after OOM
Dan Fandrich [Mon, 28 Aug 2017 22:30:30 +0000 (00:30 +0200)]
asyn-thread: Fixed cleanup after OOM

destroy_async_data() assumes that if the flag "done" is not set yet, the
thread itself will clean up once the request is complete.  But if an
error (generally OOM) occurs before the thread even has a chance to
start, it will never get a chance to clean up and memory will be leaked.
By clearing "done" only just before starting the thread, the correct
cleanup sequence will happen in all cases.

7 years ago curl_global_init.3: mention curl_global_sslset(3)
Daniel Stenberg [Mon, 28 Aug 2017 21:58:11 +0000 (23:58 +0200)]
curl_global_init.3: mention curl_global_sslset(3)

7 years ago unit1606: Fixed shadowed variable warning
Dan Fandrich [Mon, 28 Aug 2017 21:54:25 +0000 (23:54 +0200)]
unit1606: Fixed shadowed variable warning

7 years ago asyn-thread: Improved cleanup after OOM situations
Dan Fandrich [Mon, 28 Aug 2017 21:43:36 +0000 (23:43 +0200)]
asyn-thread: Improved cleanup after OOM situations

7 years ago asyn-thread: Set errno to the proper value ENOMEM in OOM situation
Dan Fandrich [Mon, 28 Aug 2017 21:41:04 +0000 (23:41 +0200)]
asyn-thread: Set errno to the proper value ENOMEM in OOM situation

This used to be set in some configurations to EAI_MEMORY which is not a
valid value for errno and caused Curl_strerror to fail an assertion.

7 years ago configure: Handle "MultiSSL" specially When versioning symbols
Johannes Schindelin [Thu, 24 Aug 2017 20:33:19 +0000 (22:33 +0200)]
configure: Handle "MultiSSL" specially When versioning symbols

There is a mode in which libcurl is compiled with versioned symbols,
depending on the active SSL backend.

When multiple SSL backends are active, it does not make sense to favor
one over the others, so let's not: introduce a new prefix for the case
where multiple SSL backends are compiled into cURL.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago configure: allow setting the default SSL backend
Johannes Schindelin [Thu, 24 Aug 2017 20:26:48 +0000 (22:26 +0200)]
configure: allow setting the default SSL backend

Previously, we used as default SSL backend whatever was first in the
`available_backends` array.

However, some users may want to override that default without patching
the source code.

Now they can: with the --with-default-ssl-backend=<backend> option of
the ./configure script.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: use Curl_ssl_multi pseudo backend only when needed
Johannes Schindelin [Fri, 18 Aug 2017 11:15:12 +0000 (13:15 +0200)]
vtls: use Curl_ssl_multi pseudo backend only when needed

When only one SSL backend is configured, it is totally unnecessary to
let multissl_init() configure the backend at runtime, we can select the
correct backend at build time already.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago version: if built with more than one SSL backend, report all of them
Johannes Schindelin [Fri, 18 Aug 2017 11:01:38 +0000 (13:01 +0200)]
version: if built with more than one SSL backend, report all of them

To discern the active one from the inactive ones, put the latter into
parentheses.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago version: add the CURL_VERSION_MULTI_SSL feature flag
Johannes Schindelin [Fri, 18 Aug 2017 06:51:24 +0000 (08:51 +0200)]
version: add the CURL_VERSION_MULTI_SSL feature flag

This new feature flag reports when cURL was built with multiple SSL
backends.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago metalink: allow compiling with multiple SSL backends
Johannes Schindelin [Fri, 18 Aug 2017 05:53:33 +0000 (07:53 +0200)]
metalink: allow compiling with multiple SSL backends

Previously, the code assumed that at most one of the SSL backends would
be compiled in, emulating OpenSSL's functions if the configured backend
was not OpenSSL itself.

However, now we allow building with multiple SSL backends and choosing
one at runtime. Therefore, metalink needs to be adjusted to handle this
scenario, too.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago docs/examples: demonstrate how to select SSL backends
Johannes Schindelin [Sat, 15 Jul 2017 20:30:42 +0000 (22:30 +0200)]
docs/examples: demonstrate how to select SSL backends

The newly-introduced curl_global_sslset() function deserves to be
show-cased.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago Add a man page for curl_global_sslset()
Johannes Schindelin [Sat, 15 Jul 2017 20:43:31 +0000 (22:43 +0200)]
Add a man page for curl_global_sslset()

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: introduce curl_global_sslset()
Johannes Schindelin [Fri, 7 Jul 2017 09:49:08 +0000 (11:49 +0200)]
vtls: introduce curl_global_sslset()

Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.

Side note: we do not explicitly test that it is called before
curl_global_init(), but we do verify that it is not called multiple times
(even implicitly).

If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.

The function also accepts an "avail" parameter to point to a (read-only)
NULL-terminated list of available backends. This comes in real handy if
an application wants to let the user choose between whatever SSL backends
the currently available libcurl has to offer: simply call

curl_global_sslset(-1, NULL, &avail);

which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
variable to point to the relevant information to present to the user.

Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: refactor out essential information about the SSL backends
Johannes Schindelin [Sat, 15 Jul 2017 11:49:30 +0000 (13:49 +0200)]
vtls: refactor out essential information about the SSL backends

There is information about the compiled-in SSL backends that is really
no concern of any code other than the SSL backend itself, such as which
function (if any) implements SHA-256 summing.

And there is information that is really interesting to the user, such as
the name, or the curl_sslbackend value.

Let's factor out the latter into a publicly visible struct. This
information will be used in the upcoming API to set the SSL backend
globally.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: allow selecting which SSL backend to use at runtime
Johannes Schindelin [Wed, 14 Jun 2017 14:56:00 +0000 (16:56 +0200)]
vtls: allow selecting which SSL backend to use at runtime

When building software for the masses, it is sometimes not possible to
decide for all users which SSL backend is appropriate.

Git for Windows, for example, uses cURL to perform clones, fetches and
pushes via HTTPS, and some users strongly prefer OpenSSL, while other
users really need to use Secure Channel because it offers
enterprise-ready tools to manage credentials via Windows' Credential
Store.

The current Git for Windows versions use the ugly work-around of
building libcurl once with OpenSSL support and once with Secure Channel
support, and switching out the binaries in the installer depending on
the user's choice.

Needless to say, this is a super ugly workaround that actually only
works in some cases: Git for Windows also comes in a portable form, and
in a form intended for third-party applications requiring Git
functionality, in which cases this "swap out libcurl-4.dll" simply is
not an option.

Therefore, the Git for Windows project has a vested interest in teaching
cURL to make the SSL backend a *runtime* option.

This patch makes that possible.

By running ./configure with multiple --with-<backend> options, cURL will
be built with multiple backends.

For the moment, the backend can be configured using the environment
variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and
"schannel").

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: fold the backend ID into the Curl_ssl structure
Johannes Schindelin [Fri, 23 Jun 2017 22:25:29 +0000 (00:25 +0200)]
vtls: fold the backend ID into the Curl_ssl structure

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago curl_ntlm_core: don't complain but #include OpenSSL header if needed
Johannes Schindelin [Fri, 28 Jul 2017 20:30:59 +0000 (22:30 +0200)]
curl_ntlm_core: don't complain but #include OpenSSL header if needed

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: encapsulate SSL backend-specific data
Johannes Schindelin [Fri, 28 Jul 2017 20:09:35 +0000 (22:09 +0200)]
vtls: encapsulate SSL backend-specific data

So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.

This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.

Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.

To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().

This requires us to take extra care of alignment issues: struct fields
often need to be aligned on certain boundaries e.g. 32-bit values need to
be stored at addresses that divide evenly by 4 (= 32 bit / 8
bit-per-byte).

We do that by assuming that no SSL backend's private data contains any
fields that need to be aligned on boundaries larger than `long long`
(typically 64-bit) would need. Under this assumption, we simply add a
dummy field of type `long long` to the `struct connectdata` struct. This
field will never be accessed but acts as a placeholder for the four
instances of ssl_backend_data instead. The size of each ssl_backend_data
struct is stored in the SSL backend-specific metadata, to allow
allocate_conn() to know how much extra space to allocate, and how to
initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
pointers.

This would appear to be a little complicated at first, but is really
necessary to encapsulate the private data of each SSL backend correctly.
And we need to encapsulate thusly if we ever want to allow selecting
CyaSSL and OpenSSL at runtime, as their headers cannot be included within
the same .c file (there are just too many conflicting definitions and
declarations for that).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
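
The single-allocation layout described in the commit message above, as an added sketch that is not curl's code: all `demo_*` names and the `alignof_backend_data` field are hypothetical, and the size is computed with `offsetof` and an overflow check rather than by the commit's own arithmetic. It rejects a backend whose private data would need stricter alignment than `long long`, which is the assumption the message relies on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical per-backend metadata: outside the backend, only the size
   (and, for the check below, the alignment) of its private struct is known. */
struct demo_backend {
  size_t sizeof_backend_data;
  size_t alignof_backend_data;
};

/* Constructed private data, as a backend's own .c file might define it. */
struct demo_tls_private { void *ctx; void *handle; int state; };

static const struct demo_backend demo_tls =
  { sizeof(struct demo_tls_private), _Alignof(struct demo_tls_private) };

struct demo_ssl_connect { void *backend; };
struct demo_conn {
  struct demo_ssl_connect ssl[2];
  struct demo_ssl_connect proxy_ssl[2];
  long long align_placeholder; /* last member: private data starts here */
};

/* One zeroed allocation holding the connection plus four private structs.
   Returns NULL on over-aligned backend data, size overflow or OOM. */
static struct demo_conn *demo_allocate_conn(const struct demo_backend *be)
{
  size_t off = offsetof(struct demo_conn, align_placeholder);
  size_t sz = be->sizeof_backend_data, total;
  struct demo_conn *conn;
  char *p;

  if(be->alignof_backend_data > _Alignof(long long) ||
     sz > (SIZE_MAX - off) / 4)
    return NULL;
  total = off + 4 * sz;
  if(total < sizeof(struct demo_conn))
    total = sizeof(struct demo_conn); /* never less than the struct itself */
  conn = calloc(1, total);
  if(!conn)
    return NULL;
  p = (char *)&conn->align_placeholder;
  conn->ssl[0].backend = p;
  conn->ssl[1].backend = p + sz;
  conn->proxy_ssl[0].backend = p + 2 * sz;
  conn->proxy_ssl[1].backend = p + 3 * sz;
  return conn;
}
int main(void) { free(demo_allocate_conn(&demo_tls)); return 0; }
```

Because `sizeof` of a struct is always a multiple of its alignment, each of the four slots stays correctly aligned as long as the first one is.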
7 years ago vtls: prepare the SSL backends for encapsulated private data
Johannes Schindelin [Wed, 21 Jun 2017 10:41:18 +0000 (12:41 +0200)]
vtls: prepare the SSL backends for encapsulated private data

At the moment, cURL's SSL backend needs to be configured at build time.
As such, it is totally okay for them to hard-code their backend-specific
data in the ssl_connect_data struct.

In preparation for making the SSL backend a runtime option, let's make
the access of said private data a bit more abstract so that it can be
adjusted later in an easy manner.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago urldata.h: move SSPI-specific #include to correct location
Johannes Schindelin [Sun, 30 Jul 2017 21:19:19 +0000 (23:19 +0200)]
urldata.h: move SSPI-specific #include to correct location

In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables,
2014-12-03), an SSPI-specific field was added to the kerberos5data
struct without moving the #include "curl_sspi.h" later in the same file.

This broke the build when SSPI was enabled, unless Secure Channel was
used as SSL backend, because it just so happens that Secure Channel also
requires "curl_sspi.h" to be #included.

In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled,
2017-02-21), this bug was fixed incorrectly: Instead of moving the
appropriate conditional #include, the Secure Channel-conditional part
was now also SSPI-conditional.

Fix this problem by moving the correct #include instead.

This is also required for an upcoming patch that moves all the Secure
Channel-specific stuff out of urldata.h and encapsulates it properly in
vtls/schannel.c instead.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago urldata.h: remove support for obsolete PolarSSL version
Johannes Schindelin [Fri, 28 Jul 2017 20:49:13 +0000 (22:49 +0200)]
urldata.h: remove support for obsolete PolarSSL version

Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require
a newer PolarSSL version. No need to keep code trying to support any
older version.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago getinfo: access SSL internals via Curl_ssl
Johannes Schindelin [Fri, 23 Jun 2017 14:05:26 +0000 (16:05 +0200)]
getinfo: access SSL internals via Curl_ssl

In the ongoing endeavor to abstract out all SSL backend-specific
functionality, this is the next step: Instead of hard-coding how the
different SSL backends access their internal data in getinfo.c, let's
implement backend-specific functions to do that task.

This will also allow for switching SSL backends as a runtime option.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 years ago vtls: move SSL backends' private constants out of their header files
Johannes Schindelin [Mon, 26 Jun 2017 15:05:49 +0000 (17:05 +0200)]
vtls: move SSL backends' private constants out of their header files

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>